Mailinglist Archive: opensuse-security (195 mails)

< Previous Next >
Re: [suse-security] ftp
  • From: Stephan Martin <sm@xxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 1 Mar 2000 18:19:35 +0100 (CET)
  • Message-id: <Pine.LNX.4.21.0003011815570.361-100000@xxxxxxxxxxxxxxxxxxx>
HiHO...

> what are recommended ways of securing ftp access from internal networks
> to the internet?

the most important thing ist to disable active ftp and only allow passive
mode.

so you can filter it with ipchains, when you allow outgoing packets with and
without ack-bit set to port 20 and 21 and incoming packets from port 20 and 21
*with* ack-bit set.

stephan

____________________________________________________________
| .~. s.martin@xxxxxx |
| /V\ fon +49(0)911.2256 03 |
| /( )\ fax +49(0)911.2256 06 |
| ^`~'^ mobile +49(0)173.380 43 12 |
| pgp: http://www.xhponozon.com/keys/stephan.asc |
|___________________________________________________________|



< Previous Next >
References